mirror of
https://github.com/ovh/the-bastion.git
synced 2025-01-10 09:23:52 +08:00
99 lines
3.2 KiB
Perl
Executable file
99 lines
3.2 KiB
Perl
Executable file
#! /usr/bin/env perl
|
|
# vim: set filetype=perl ts=4 sw=4 sts=4 et:
|
|
use common::sense;
|
|
use Term::ANSIColor;
|
|
use POSIX ();
|
|
|
|
use File::Basename;
|
|
use lib dirname(__FILE__) . '/../../../lib/perl';
|
|
use OVH::Result;
|
|
use OVH::Bastion;
|
|
use OVH::Bastion::Plugin qw( :DEFAULT help );
|
|
|
|
my $remainingOptions = OVH::Bastion::Plugin::begin(
|
|
argv => \@ARGV,
|
|
header => "delete an existing bastion account",
|
|
options => {
|
|
'account=s' => \my $account,
|
|
'i-am-a-robot-and-i-dont-know-how-to-answer-your-question|no-confirm' => \my $noConfirm,
|
|
},
|
|
helptext => <<'EOF',
|
|
Delete an account from the bastion
|
|
|
|
Usage: --osh SCRIPT_NAME --account ACCOUNT
|
|
|
|
--account ACCOUNT Account name to delete
|
|
--no-confirm Don't ask for confirmation, and blame yourself if you deleted the wrong account
|
|
EOF
|
|
);
|
|
|
|
#
|
|
# code
|
|
#
|
|
my $fnret;
|
|
|
|
#
|
|
# params check
|
|
#
|
|
if (!$account) {
|
|
help();
|
|
osh_exit 'ERR_MISSING_PARAMETER', "Missing 'account' parameter";
|
|
}
|
|
|
|
$fnret = OVH::Bastion::is_bastion_account_valid_and_existing(account => $account);
|
|
$fnret or osh_exit $fnret;
|
|
$account = $fnret->value->{'account'}; # untaint
|
|
|
|
if (!$noConfirm) {
|
|
osh_info "!!!! WARNING !!!! WARNING !!!! WARNING !!!! WARNING !!!! WARNING !!!!";
|
|
osh_info "!!!! WARNING !!!! WARNING !!!! WARNING !!!! WARNING !!!! WARNING !!!!";
|
|
osh_info "!!!! WARNING !!!! WARNING !!!! WARNING !!!! WARNING !!!! WARNING !!!!";
|
|
osh_info " ";
|
|
}
|
|
|
|
$fnret = OVH::Bastion::is_account_active(account => $account);
|
|
if ($fnret) {
|
|
osh_warn "Hint: account $account is currently ACTIVE (i.e. not disabled), think twice before removing it!";
|
|
}
|
|
elsif ($fnret->is_err) {
|
|
osh_warn "Hint: couldn't verify $account current validity, in any case, think twice before removing it!";
|
|
}
|
|
else {
|
|
osh_info("Hint: account $account is currently " . colored("inactive", "green") . ", so what you're doing is probably fine.");
|
|
}
|
|
|
|
osh_info " ";
|
|
if (!$noConfirm) {
|
|
osh_info "You are about to DELETE a bastion account, to be sure you're not drunk, type the following sentence:";
|
|
osh_info " ";
|
|
osh_info ' "Yes, do as I say and delete <insert_here_the_account_name>, kthxbye" ';
|
|
osh_info " ";
|
|
my $sentence = <STDIN>;
|
|
chomp $sentence;
|
|
|
|
if ($sentence ne "Yes, do as I say and delete $account, kthxbye") {
|
|
osh_exit 'ERR_OPERATOR_IS_DRUNK', "You're drunk, apparently, aborted.";
|
|
}
|
|
osh_info "OK, proceeding...";
|
|
}
|
|
|
|
my @command = qw{ sudo -n -u root -- /usr/bin/env perl -T };
|
|
push @command, $OVH::Bastion::BASEPATH . '/bin/helper/osh-accountDelete';
|
|
push @command, "--type", "normal", "--account", $account;
|
|
|
|
# as the helper can take a long time to complete (because of tar), and caller in front
|
|
# of his ssh console might close it's end without waiting, tar would get a SIGHUP and
|
|
# stop. we don't want this: use setsid to be in our own session. we fork() first because
|
|
# if we are a process group leader, setsid() would fail
|
|
my $child = fork();
|
|
if (!defined $child) {
|
|
osh_warn "Couldn't fork(), proceeding without forking...";
|
|
}
|
|
exit if $child; # parent
|
|
|
|
# here, I'm the child: call setsid()
|
|
if (POSIX::setsid() == -1) {
|
|
osh_warn "Couldn't call setsid(), proceeding anyway...";
|
|
}
|
|
|
|
osh_exit OVH::Bastion::helper(cmd => \@command);
|